SSH Access Not working on ASA's

Answered Question
Jul 7th, 2008

I am configuring my ASA's for ssh access prior to removing telnet access to them. However, I'm running into a problem. After I have configured ssh access (assigned a domain, generated my rsa key, and enabled ssh), I am unable to log in. My ssh client is running ssh v.1 and I've checked to make sure the ASA is allowing v.1 and 2. I've also checked to be sure the username and password for the account I have tried have been correct. Basically, it's behaving as if I have a bad password, as it accepts the connection and the username, but fails to accept the password. These accounts all have a privilege level of 15 and I'm able to use them to log into the ASDM. The policies associated with these accounts are the default and I've tried both configuring a new account through ASDM and the CLI. Neither seems to work. Any ideas?

Thanks!

I have this problem too.
0 votes
Correct Answer by anthony.king about 8 years 4 months ago

If you are using local username/passwords, make sure you have this command: "aaa authentication ssh console LOCAL"

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
JORGE RODRIGUEZ Mon, 07/07/2008 - 07:42

Karen,

What you are saying is that none of the accounts passwords do work when ssh to the firewall? does this issue applies to the interfaces you have allow ssh under such as inside/outside ?

What version code are you running.

Could you capture ssh debug and post it.

asa#terminal monitor

in config mode

asa(config)#logging monitor 7

then issue debug ssh

try connecting to asa via ssh and capture debug output.

to disable debug

asa#no debugg all

And lastly even though ssh debug is a low level process it is adviced to conduct debug troubleshooting off during network production hours.

Rgds

-Jorge

Correct Answer
anthony.king Mon, 07/07/2008 - 08:20

If you are using local username/passwords, make sure you have this command: "aaa authentication ssh console LOCAL"

redwarrior Mon, 07/07/2008 - 08:26

This was exactly my problem. Once I set aaa authentication to local, it works like a charm! Thanks!

Actions

This Discussion